Privacy Policy

Our Privacy Policy
Protecting Your Privacy

The LASCANA Privacy Policy was updated on: June 06, 2023.

Grattan PLC together with Freemans PLC make up Freemans Grattan Holdings (FGH) who are jointly the controllers for the personal data we have about you and the people who are responsible for keeping it safe and using it legally. Freemans plc and Grattan plc use the trading names bonprix, Witt International, Curvissa, Look Again, Swimwear365, Kaleidoscope, Clearance365, Gifts365 and Lascana. FGH knows that how we use your personal data is important to you so we are committed to only collecting the data that we need to provide a good shopping experience to you and to keep it safe while giving you as much control as possible over how your data is used.

We process your data in accordance with relevant data protection and privacy laws because processing is necessary to fulfil our contract with you, because there is a legal obligation upon us or because it is in our legitimate interests. Where we need your consent to process data we will ask you clearly for that consent and provide a means for you to easily withdraw that consent at any time.

The sorts of information that we collect will include personal details including your name, address and date of birth, financial details and your buying history.

If you have any questions, comments or complaints about how we use your data, you can email our Data Protection Officer at dataprotection@lookagain.co.uk, or complete our online web form or write to him at our headquarters: 66-70 Vicar Lane, Bradford, West Yorkshire, BD99 2XG. You also have the right to complain to the UK regulator of privacy regulation, the Information Commissioner, whose contact details appear in our detailed privacy policy.

What we use your data for

Fulfilling orders

We collect your personal data to fulfil the orders you make with us for products and services. This includes providing our customer services to you and to handle any comments, compliments or complaints you choose to make.

Learn More

This includes showing you the products you want to buy, and knowing where you live and how to contact you. It also includes taking your payment details and processing them so you can pay for what you buy and checking you can afford to purchase what you have asked for and that you are of an appropriate age to do so. We do this as our core business activity selling fashion, electricals and other products to people who want to order online or through mail order.

Marketing

We send you details of products we think will be of interest to you and we do this by post, by email, through our apps (with your consent), by SMS and by other means. We will also process your personal data, including by profiling the data you give us and data we obtain from other sources, as part of our marketing processes to try and make product suggestions and provide special offers that we hope will excite and delight you.

When we collect your email address or mobile telephone number in the course of a sale or negotiations with you for a sale, we may use it to send you special offers and information related to our own similar products. If you do not wish us to use your email or mobile phone number for this purpose please email dataprotection@lookagain.co.uk with the words ‘Opt-out’ in the subject line and your name, postcode, email address and mobile number in the body of the email. You can do this at any time.

Learn More

Making sure the offers and suggestions we send you are appropriate for you by using your personal data to make predictions about what you will like helps make our marketing more efficient, keeping costs lower for all of our customers. We also try to encourage new customers to shop with us by sending them direct marketing, mainly through the post. We process details of how you browse our websites and use this information to target advertising when your browse the internet or through emails. We do this to ensure that our company grows and to link people with products that they are interested in.

Trading, selling and buying data

In common with other major e-commerce and home shopping retailers we share information on customers who may appreciate the chance to shop with more than one company. We place data in co-operative data pools and withdraw data provided by other companies. Sometimes we purchase databases or lists of people from data broking companies to market to potential new customers. We also sell personal data to companies who wish to understand individual customers better to target marketing more efficiently at them.

Learn More

As a major e-commerce and home shopping retailer we have an interest in a healthy industry of companies operating in a similar fashion. Sharing data helps us to grow this industry in ways that benefit our company and our customers. In order to grow our customer base we need to find the contact details of customers from other companies and this includes data brokers. Data is also valuable and as a private company we have to make a profit to survive and to continue to offer services to customers. So sometimes we will sell personal data directly to organisations who also wish to obtain new customers. This involves a financial transaction that helps our company to make reasonable profits and also to keep our product prices affordable for people who shop with us.

Providing credit facilities

One of our distinguishing characteristics as a company is that we help make our fashion, homeware and electricals more affordable by offering credit. We have to process significant amounts of personal data to make sensible decisions about offering people credit and how much credit to make available to them. We have to process data to verify not only your current financial standing but also to verify your identity and to make sure that the level of credit we offer you is still appropriate as your circumstances change. Sometimes things go wrong and we have to process data for debt recovery or to establish legal claims. We do this because it is good to offer people a range of choices for how to pay and using credit at a sensible level is an appropriate way for people to manage their finances.

Learn More

We process data about you to make an initial offer of credit based on verifying your identity, eligibility and financial standing. We collect information from you directly to do this and we also enhance this data with information from other sources. We collect data directly from you relating to your income, household income and number of financial dependents. This enables us to assess the affordability for you of any credit facility we offer.

We may from time to time make promotional offers such as Buy Now Pay Later (BNPL). Eligibility is decided by reference to a number of factors including the way you have managed your account with us. We may also use information from third parties when considering your eligibility for an offer. For example, to reflect the risk to our business we may use information from credit reference agencies to decide whether to offer you BNPL and the criteria may be different from those used in making the initial offer of credit. You may ask us to review any decision not to make you a BNPL offer on the basis that decision is made by solely automated means by emailing dataprotection@lookagain.co.uk.

We also have to process data to let our regulators know how we are treating you and also how well your management of your account reflects on your approach to credit generally. We have to ensure that we do not get defrauded and that we can recover money we are owed so we have to process information about the devices you use to interact with us including digital fingerprinting to prevent fraud. We also have to process information about your circumstances to ensure we take a responsible approach if you get into financial difficulties or to help us to enforce our legal rights if you decline to pay. Specifically we process data about your payment history with us and we share it with credit reference agencies. We do not use your consent to do this as this would incorrectly suggest that there is a choice for you when in fact we are required to share such data with the agencies as part of our duties as a responsible provider of credit.

Employer

We process data for the purposes of managing our employees and fulfilling our legal obligations to them. We also process data for the purposes of recruiting new employees. More details on this can be found on our website at https://www.fgh-uk.com.

General business activities

In common with any large business we need to process personal data (including CCTV images) for our general business purposes including the general security of our sites and ancillary purposes to our main processing such as cleaning, catering and events.

Testing our systems

We sometimes need to use live data in our testing or development environments. We delete this data on a regular basis.

Data we need to collect from you

We will always need to collect data about your name, date of birth, contact details and delivery details in order to fulfil our contract with you. We do not sell our products to people under 18. We will also need to collect information about your payment method and the bank details that go with it. If you apply for credit we will need to collect details of current and past addresses and details about your income and the number of dependants in your household. We have to collect details from the credit reference agencies in order to meet our obligations to only ever offer you credit at a level sustainable for you. Our systems also require us to collect your date of birth for security purposes and so that you can access your account. This will also be used to verify your age and identity and for marketing purposes. Credit checking will involve us processing some information about people who are financially linked to you. We do not receive their personal details but they may affect scores we receive from credit reference agencies. Financially linked people may affect the scores and attributes we receive about you but we do not directly process the information that produces these scores and attributes. All of the information we collect from you will also be used for debt tracing and the prevention of money laundering as well as the management of your account. We may also share it with fraud prevention agencies or debt collection companies.

Learn More

For our legitimate interests in running a business we also collect your contact details from people who sell and/or rent data for marketing purposes as well as performing mutual swaps of contact details with other companies who sell similar products to us. You can opt out of this sharing at any time by emailing dataprotection@lookagain.co.uk.co.uk. We also use your date of birth and information about your buying habits with us and other retailers to ensure that the offers and product information we send to you is suitable for both your interests and your circumstances. We also use data about your browsing on our websites to assist us in personalising your browsing experience and providing you with appropriate offers exactly when you need them. We also use information on your available credit with us to try and offer you only products you can afford.

We randomly monitor and record calls to our customer services and other departments. This helps to ensure that we provide you with the highest level of service and maintain quality standards.

Security

The security of your personal data is very important to us. We have put in place reasonable physical, electronic, and administrative procedures to safeguard the information we collect. Access to your personal data is granted only to those employees who require it in order to perform their duties. You do need to take some steps of your own to help us keep you safe.

A good source of information for how to stay safe is the website staysafeonline.org.uk that can provide you with helpful tips about securely browsing the internet.

Please be assured that we will never contact you or send emails asking you to provide personal information or to confirm your security details online. We would strongly advise you not to respond to any emails or websites that ask you to do so. If you are asked to do so by someone claiming to represent us, it is not a legitimate request and you should not respond or provide any information to them.

Learn More

We use encryption and pseudonymisation to help us keep your information secure and we take steps to protect the electronic and physical security of our data assets including keeping our servers in secured buildings and limiting access to our IT systems.

We provide training in cybersecurity to our staff and mandatory awareness training in Data Protection to all staff who may come into contact with personal data. Some groups of employees receive role specific training if they are likely to come into contact with personal data that we view as requiring a higher level of protection.

Where employees have access to personal data their access is restricted to only the personal data they need to do their job. Where we transfer data to processors or suppliers we use encryption, secure file transfer protocol (sftp) and password protection of files to ensure that data cannot be used by anyone other than the individual who it is intended for.

Data sharing

We will pass information about you to suppliers or contractors, service providers and employees to carry out services such as delivering your goods. Significant partners in this are Evri and the Royal Mail.

If we enter a credit agreement with you we will supply details of your agreement with us to the Credit Reference Agencies, as well as ongoing details of your account and how you manage it.

We also share your details with other fashion, homeware and electrical retailers who sell similar products to ours. The data of other potential customers is returned to us in exchange. When we first collect your data we ask you clearly if you wish to opt out of this data sharing and we provide other opportunities to do this in the ‘My Account’ section of our website. You can also contact the Data Protection Officer to opt out using the contact details in this privacy policy.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by clicking https://www.cifas.org.uk/fpn.

Learn More

We will continue to receive data from Credit Reference Agencies on a monthly basis for the period that your credit account remains open. If you do not repay on time or in full, we will tell the Credit Reference Agencies who will record details of the debt. All this information will be seen by other organisations carrying out later searches. You have the right of access to your personal records held by Credit Reference and Fraud Prevention Agencies. We use data held by Experian, Equifax and CallCredit.

We, the Credit Reference Agencies and Fraud Prevention Agencies may also use the records for statistical analysis about credit, insurance and fraud.

You can get more information about how the Credit Reference Agencies use your information at the following websites:

Transunion: www.transunion.co.uk/crain

Equifax: www.equifax.co.uk/crain

Experian: www.experian.co.uk/crain

If you do not repay the money you owe, we will pass your information on to companies who recover debt.

These companies will also pass data about you to us and include or have included:

Lowell Financial Ltd - https://lowell.co.uk/

EOS UK - https://uk.eos-solutions.com/services/debt-collection/

Moorcroft Debt Recovery Ltd - https://www.moordebt.com/

We will also share your details with registered insolvency practitioners and other companies involved in managing insolvencies.

There are two principal ways in which we share data with other retailers in exchange for data about prospective customers. One is through data co-operatives where a number of retailers share information on their customers both to improve our understanding of our customers and to exchange details. The other means is by direct swaps of customer lists with other fashion, homeware and electrical retailers.

We are part of a wider group of companies, the Otto Group. We sometimes transfer personal data to our sister companies in the Otto Group on occasion. Details of who these companies are can be found here https://www.ottogroup.com/en/ueber-uns/konzernfirmen/hermes-europe.php

In the event of our business, or any part of it, being sold your data will be transferred to the purchaser of the business.

As part of our normal operating procedures as a large business we are sometimes required to send personal data about our credit customers to banks in order to securitise our operating funding. We do this with the Royal Bank of Scotland and it has no impact on you as an individual.

We may also share your information with the police, our regulators and other government agencies where required to do so by law or a regulatory request.

Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making that are detailed below in the section “How to complain or object” If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us using the details below. Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Your statutory rights

You have the right to a copy of the information we hold about you and the right to ask us to correct any information we hold that is wrong. You can also ask us to delete some of your data or to have that data given to you in a portable format. You can also object to how we process your data or ask us not to process it in certain circumstances. You can also ask to have any decisions made automatically about you by a computer, such as a refusal to offer you credit, to be reviewed by a person. To exercise any of these rights please email dataprotection@lookagain.co.uk or complete our online web form.

When we collect your email address or telephone number in the course of a sale or negotiations with you for a sale, we may use it to provide you with special offers and information related to our own similar products. These will be by text message to a mobile number. If you do not wish us to use your email or phone number for this purpose please email dataprotection@lookagain.co.uk with the words ‘Opt-out’ in the subject line and your name, postcode, email address and mobile number in the body of the email. You can do this at any time

Learn More

The Right to Access enables you to get confirmation of whether we have any information about you and to get a copy of that information as well as to understand why we have it, what we use it for and where we got it from.

The Right to Portability enables you to get some of your information in an easily machine readable format. This right is only applicable where the data is used for the performance of a contract or relies on your consent and is data that you provided to us. For our company that means we will give you a machine readable copy of your transaction data (ie the items you ordered and payments you made) and any device fingerprinting data we have that we collected based on your consent.

The Right to Rectification says that we will correct any inaccurate data we hold on you. We would always want to correct inaccurate data. Where we disagree that the data is inaccurate you can ask to have an explanation attached to the data making clear that you disagree with us and why.

The Right to be Erasure (Right to be forgotten) means that we must delete data on you if the reason we collected it is no longer valid, if we asked for your consent and you chose to withdraw it, if we do not have a sufficiently strong legitimate interest to use it and you object, if we have used it unlawfully or if we are required to forget you by law. This does not mean that we will erase information about your credit account or the way you have managed it. This information is processed as part of our contract with you and as a responsible lender we are required to keep this data for seven years. We also keep a record of your request for erasure, and if you ask us not to contact you for marketing purposes we keep a copy of your details to make sure we do not send you marketing in future. This is known as a suppression list.

The Right to Restriction means that we won’t process your data at all (apart from storing it) while we verify its accuracy, establish whether our processing is lawful or where we don’t need the data but you want us to keep it for establishing legal claims. If you ask us to assess whether our processing is within our legitimate interests, necessary and does not override your legitimate interests we have to restrict processing of your data. We will tell you before we start to use it again

The Right to Object applies whenever we process data in our legitimate interests. You have the right to ask us to consider any objection you have to the way we process your data and if we cannot show a compelling reason to continue we have to stop. This right also gives you the ability to tell us not to send you any direct marketing from any of our brands at any time by dataprotection@lookagain.co.uk. This is an absolute right that we are committed to respecting.

How long we keep your data for

We have a detailed retention policy that covers specific cases of where we may need to keep data for longer than the periods described below, but in general this information should help you to understand how long we will retain your data for.

For data relating to credit and other financial matters, our regulatory framework will generally require us to keep your data for six years after we have ended a contract with you. After this time we will delete it unless required to keep it by you or by an obligation imposed on us by a regulator or the law.

We will seek to retain data on your purchase history with us for six years. If you have not purchased from us in six years we will seek to delete your personal data entirely unless we have an ongoing contractual relationship.

Data that we use for fulfilling an order directly and that is used for no other purpose will be kept for 14 months. This enables us to deal with any complaints about items or their delivery before deleting the data.

We store the data that we collect about your browsing habits for two years, although we may store anonymised data for longer to analyse trends.

Learn More

We start to delete much of the data on previous employees with no disciplinary records after two years. We will retain enough information to show that someone worked for us, or the reasons for their dismissal.

There will be situations where we need to keep very specific data for longer. For example, we will retain all currently held data on PPI sales until at least August 2019. If other financial products are subject to significant remediation or are viewed as significant risks to customers, we will retain data for longer than described in this privacy policy.

Our lawful bases for using your data

Fulfilling orders

We rely on the fact that we are fulfilling a contract with you to process data relating to order fulfilment.

Marketing

We rely on our legitimate interests as a retailer to market our products to you. This includes where we share data with other retailers for which we always provide you with a means to opt out as a safeguard. You can read more about this in the ‘How to complain or object’ section of our privacy policy.

Trading, selling or buying data

We rely on our legitimate interests as a retailer to trade, sell or buy data. This includes where we share data with other retailers for which we always provide you with a means to opt out as a safeguard. You can read more about this in the ‘How to complain or object’ section of our privacy policy.

Providing credit facilities

We rely on the fact that we are fulfilling a contract with you to process your personal data for the purpose of providing you with credit. Some of the information we process in the course of our credit provision work is based on legal obligations to which we are subject including anti-money laundering legislation. For certain types of fraud prevention we will ask for your explicit consent to process your data. It will be clear to you when we do so and it will last only for the period of time it takes us to perform anti-fraud checks. We share information with credit reference agencies both for fulfilment of our contract with you (including the need to treat you fairly under Financial Conduct Authority requirements) and because it is in the legitimate interests of the credit reference agencies and us for a robust system to exist for the purposes of making decisions on whether to provide credit.

As an employer of staff we process personal data for the fulfilment of a contract with our employees or with the recruitment or employment agency that we commission to provide us with staff. For prospective employees we process personal data in order to take steps preparatory to entering into a contract.

Our general business activities are largely performed by relying on our legitimate interest to trade and to undertake commercial activity. Some of our sharing of personal data with our regulators or with law enforcement or government agencies is performed on the basis of a legal obligation to which we are subject.

We use live data in our testing systems because it is within our legitimate interests to do so and we protect your legitimate interests by segregating our data from the data in our production systems.

Learn More

For marketing to you by email or SMS, we rely on our legitimate interests using the soft opt in provisions of the Privacy and Electronic Communications Regulations.

For marketing to you through push notifications to our apps on mobile devices we rely on your consent, which you can withdraw at any time on your device.

This privacy policy describes our lawful bases for our major activities. Within those activities there may be specific processes where we rely on a different lawful basis.

Consent

The data controllers have made a policy decision not to rely on previous consent for our processing activities and not to use it in preference to other lawful bases that we feel are more appropriate. Where we do ask for your consent this will be clear and by virtue of an affirmative action such as ticking a box or signing a document. If you give your consent we will always give you an easy way to withdraw it at any time.

Learn More

We accept the guidance issued by the Information Commissioner’s Office on the subject of consent. This means that where we use an opt out mechanism this is a means of allowing you to object to processing that we perform because we believe it is in our legitimate interests. The opt out mechanism is a means of giving you control but we fully accept it does not indicate consent. We will always respect any opt out that you choose to exercise and will never seek to over-ride it using our legitimate interests.

Who we get personal data from

We are part of a wider group of companies, the Otto Group. Occasionally, we receive personal data from our sister companies in the Otto Group. Details of who these companies are can be found here https://www.ottogroup.com/en/ueber-uns/konzernfirmen/hermes-europe.php

International transfers of data

In the course of providing our services, we may transfer your personal information outside the European Economic Area. Where this is the case, we will employ appropriate security measures to protect your personal information to at least the same standard as found in the EU. These will include the EU/US Privacy Shield and standard contract clauses provided by the EU Commission.

Learn More

Some of our suppliers despatch goods directly to you. They will receive your delivery details and some contact details including your phone number and email address to enable them to do this. Where these companies are outside the European Economic Area we have a binding contract with them to protect your personal data.

Companies that use EU Commission standard contract clauses

Conversant – This is a company that uses data on what you have bought from us in the past to ensure that the adverts from us you see on the internet are of a product you may wish to buy instead of the last product you viewed on our websites. Details of how to opt out of this are in our cookie policy.

Automated decision making

We use automated decision making for the purposes of making judgements about whether to provide you with credit, and whether to extend, maintain or reduce the level of credit we provide to you. In the event of your application for credit being refused on an automated basis you have the right for it to be considered by a person rather than a computer. If you wish to take up this right please email dataprotection@lookagain.co.uk with your details including when you made the application.

Learn More

We also use automated decision making and profiling when deciding what offers you receive with our marketing. We do not believe that this has a significant and serious enough impact on you to require us to reconsider the results of this profiling. If you object to any profiling of you for direct marketing purposes please email dataprotection@lookagain.co.uk.

What happens when things change

Whenever our privacy policy changes we will put the date it changed at the top of this page.

If we make a very significant change to our privacy policy we will highlight it to our customers who are affected either by letter, by email or some other direct means.

If we make moderate changes we may highlight them on the front page of our website or in some other manner.

Minor changes are made from time to time and we will simply update the privacy policy and change the effective date.

How to complain or object

You can contact our Data Protection Officer in a number of ways. You can email dataprotection@lookagain.co.uk or you can write to them at:

Data Protection Officer
LASCANA
66-70 Vicar Lane
Little Germany
Bradford
BD99 2XG

You can also call our customer services on 0333 200 8026.

Your complaint or query may initially be dealt with by a member of our customer services or regulatory compliance teams but you have the right to have your issue looked at by the Data Protection Officer if you are still dissatisfied.

If after complaining to us you are dissatisfied with how we have handled your data you can also complain to the Information Commissioner who is the independent regulator of your privacy rights. Their details can be found at www.ico.org.uk

Learn More

You can access any of your rights under the EU General Data Protection Regulation or the Data Protection Act through the same routes. These are described in detail in the section of this policy on your rights. We will normally attempt to resolve any underlying problem at the same time as we process your request to use your privacy rights.

Working at our company

If you send us your CV either by email or through our website we will retain it for a period of 6 months to consider you for all positions. If you only wish to be considered for one specific vacancy and to then have your CV deleted please let us know when you apply.

Please visit https://www.fgh-uk.com for our current vacancies and information about careers with us.

How you can stay secure

Phishing and social engineering

Phishing (pronounced 'fishing') is the name given to the illegal practice of sending emails that appear to come from a genuine company but are actually sent by a fraudster in an attempt to trick you into disclosing information about yourself. These emails usually ask you to update or verify your customer account information by clicking on a link that takes you to a bogus website where you are asked to enter for example your account number and password or other sensitive information. This information is then used for fraudulent purposes.

Social engineering is the practice of phoning or emailing you using details about yourself gained from sources including social media accounts to encourage you to give more information such as usernames and passwords.

Malware

Malware is an abbreviation for "malicious software" and is a term used to describe hostile, intrusive or annoying software that is installed on your computer without your consent and often without you realising it.

Password safety

It is good practice to change your password regularly. Don't use the same password for anything else, and don’t share it with anybody.

What should I do if I get an email that looks as it should but appears suspicious or asks me for personal information?

We will never ask for your personal or financial details by e-mail. You should not respond to something claiming to be from us and asking for such details.

If I think someone has obtained my information, what should I do?

If you are contacted by someone asking for further personal details, financial details, banking details or credit card details (or asking you to verify such details) you should not respond. Always follow the good practice described here, or visit www.getsafeonline.org.uk.

Where can I go to get advice?

www.getsafeonline.org.uk is a government –funded website which is packed with practical advice on what to look out for and the steps you should take to protect yourself.

Keeping your credit/debit card details safe

I use my credit card / debit card to pay for my purchases. Should I be concerned?

You can be assured that we have robust systems in place to prevent unauthorised access. Because we comply with the Payment Card Industry’s guidelines, you are also protected no matter which method you use to place your order.

Learn More

You should always make sure that your internet browser is up to date and that you have anti-malware software installed.

There are known security risks for users of Windows XP operating system when browsing with Internet Explorer. (Usually versions 7 & 8)

This has been proved to be insecure and leaves the customer’s details vulnerable to interception from a third party.

Because of this, we can no longer provide access to our website for these browser versions as this would put your personal data at risk.

If you wish to continue to access our website you will need to use a different device (if you have one available) or a different internet browser such as Chrome.

Microsoft have provided advice on supported versions of their browsers here:

www.microsoft.com/End-of-IE-support

Security steps we take

As a responsible retailer we use encryption where appropriate and we employ techniques including hashing and salting to prevent people from seeing values such as your email address when you are on our website.

We provide all staff with regular required training on data protection and cyber security and test their comprehension of the training before they are allowed to continue accessing personal data.

We restrict data access to those of our staff who need to see it to do their jobs.

Learn More

We maintain strict physical security controls including secure server rooms and staffed entrances to our buildings.

Staff are assessed for their reliability and suitability to handle personal data before they are employed in a role that allows them to access confidential customer information.

We have contracts in place with our suppliers that require them to keep data secure to at least the same standard as we do ourselves.

We are PCI-DSS level 2 compliant.

What to do if you think you are a victim of fraud

How to contact us if you think you may be a victim of fraud

If you have received a parcel, letter or email from us that you were not expecting and you think you may be the victim of identity theft, then please contact us as soon as possible so we can investigate.

You can contact our Fraud Investigations team by:

1. Phone: 0333 200 8026

2. Email: customer.services@lookagain.co.uk

3. Write to us: FGH, Fraud Investigations Team, 2 Nunnery Square, Sheffield, S2 5DD

Please have any account or parcel information to hand to help us deal with your enquiry.

What is identity theft?

Identity theft is where someone has obtained your personal details without your knowledge or consent, with the intent to fraudulently obtain goods and services in your name. It is one of the fastest growing crimes in the UK and anyone is at risk.

What else can I do?

If you think you may have been targeted, we suggest you apply for a copy of your personal credit report to ensure there are no unknown transactions or applications. In addition, it may be worth checking your bank or credit card statements for any unauthorised activity. You can apply for a copy of your credit file from the following agencies:

TransUnion

Visit www.transunion.co.uk.
Phone: 0330 024 7574
Write to: Consumer Services Team, TransUnion International UK Ltd, PO Box 491, Leeds, LS3 1WZ

Equifax Ltd

Visit www.equifax.co.uk.
Phone: 0113 380 8000
Write to: Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS

Experian Ltd

Visit www.experian.co.uk.
Phone: 0800 013 8888
Write to: Customer Support Centre, Experian Ltd, PO Box 8000, Nottingham, NG80 7WF

Where can I get further information about ID theft?

FGH are a member of the fraud prevention agency, CIFAS. More information about how ID theft occurs and how to protect yourself from further fraud can be found by visiting the CIFAS website:

www.cifas.org.uk.

Alternatively, you can also find some useful information on the ActionFraud website: